DFCAB utilizes multiple storage vendors for various tasks, ranging from production servers to backup-to-disk and archiving solutions.
DFCAB uses Dell (Equallogic/EMC) storage for its production systems using RAID-10 disk redundancy. DFCAB also utilizes enterprise-grade storage systems using RAID-6 disk redundancy for backups and archiving.
All storage systems reside on their own network architecture which is inaccessible to any systems except those specified by DFCAB as appropriate for access, protected by multiple firewall layers and rulesets.
DFCAB support services are available 24/7 (24 hours per day, 7 days per week). DFCAB does not currently provide direct support to PowerFlow customers as it is a services provider for PowerFlow Solutions products. Any and all PowerFlow Solutions support requests should be directed to PowerFlow Solutions and a representative of PowerFlow Solutions will act as the intermediary and point of contact in any scenarios requiring support services.
ELECTRONIC BACKUP AND RECOVERY
DFCAB has a multifold backup and DR system in place:
DFCAB performs nightly full backups of all machines as well as transaction log backups for database servers every 15 minutes. These backups are encrypted and maintained on a hot backup storage device for up to 60 days. DFCAB also archives these encrypted backups to a hardened archive storage device for a retention period of at least 1 year (with immutability). Finally, DFCAB also archives these backups to encrypted off-site immutable media and maintains these archives for a period of up to 6 months, achieving a true 3-2-1 backup scheme.
DFCAB hot-replicates all essential production machines to a secondary system six times daily for DR purposes (every 4 hours). DFCAB maintains the 6 most recent replicas of each server to facilitate the immediate recovery of a failed server up to 24 hours old.
DFCAB health-checks all backup data on a weekly basis to ensure its integrity, excepting the offsite archive media which is checked monthly.
DFCAB maintains a cold (offline) server in a secure secondary location which can be utilized in the event of a catastrophic loss of hardware at our primary location. DFCAB tests this server on a monthly basis by restoring the most recent offsite archive media and briefly testing to ensure the restored systems behave as expected.
DFCAB does not currently hold any certifications since it is a customer of its Data Center provider. DFCAB’s Data Center provider is a SSAE 16 SOC 2 Type II certificate holder.
DFCAB maintains liability insurance via The Hartford, an A+ rated carrier
SECURITY AND DATA MANAGEMENT
DFCAB will use commercially reasonable efforts to ensure that access to DFCAB’s Data Center facility space will be monitored and restricted at all times. Efforts to ensure security to the facility is maintained via security card, video surveillance and security vestibule controlled by the Data Center provider.
DFCAB will not allow any non-employee physical access to its systems and will work with its Data Center provider to ensure the that only those with the authority are given access to the Data Center DFCAB shares with other customers and that the DFCAB equipment is safeguarded via physical lock and surveillance.
Offsite backup rotation shall be allowed only to DFCAB employees per the physical access rules stated above. Off-site data shall be maintained in a fireproof, locked container with physical access allowed only to those DFCAB employees.
DFCAB will make every reasonable effort to ensure that any Customer data is safeguarded via network controls by explicit firewall rules.
In a dedicated services environment, Customer shall provide PowerFlow Solutions with external IP addresses to be used in these firewall rules to allow/deny external network access, which will then be relayed to DFCAB, deployed and confirmed by PowerFlow Solutions.
In a shared services environment, there are no specific rules in place to keep other PowerFlow users from accessing Customer’s data since this is a shared platform.
SERVICE LEVEL AGREEMENT
DFCAB provides a network uptime guarantee of 99% to customers of PowerFlow Solutions. The DFCAB network is comprised of the Local Area network (LAN) in the Data Center and the Internet Service Provider.
Availability of this SLA may be subject to further conditions or qualifications set forth in the Agreement with PowerFlow Solutions. All remedies set out herein shall not be cumulative, and shall be Customer’s sole and exclusive remedy under the relevant Agreement. Network Availability The DFCAB IP Network is guaranteed to be available and capable of forwarding IP packets 99% of the time, as averaged over a calendar month. The DFCAB Network availability guarantee does not include Customer Premise Equipment, Customer’s Local Area Network (LAN), scheduled maintenance events, customer caused outages/ disruptions or interconnection connectivity within its Internet Service Provider’s (ISP) networks or facilities issues of its Data Center provider, nor does it include any and all issues related to any software provided by PowerFlow Solutions.
Managed Service Responsibility
DFCAB provides managed service hardware and software for DFCAB provided Routers, Firewalls, Servers, and Operating Systems and is solely responsible for maintaining these systems. PowerFlow Solutions provides its software for its customers and is solely responsible for maintaining the installation, upgrade and support of this software.
In the event of an outage due to hardware or software failure, DFCAB will guarantee restore time for server replacement and operational software within 4 hours from the point of the known outage. DFCAB will restore all services to the most recent state maintained either via backup or replication including operating system, antivirus, and security access with the choice for viability to be determined by DFCAB.
A Service Outage begins when DFCAB is notified by PowerFlow Solutions or becomes aware of the failure, whichever occurs first. A Service Outage ends when the affected network or facility service is again operational. DFCAB may undertake Critical Maintenance at any time deemed necessary and shall provide notice of Outage to PowerFlow Solutions under practical circumstances.
If DFCAB fails to meet the above availability SLA, for each cumulative hour of Service Unavailability, exceeding the initial sixty (60) minutes of unavailability per month, Customer shall be entitled to one (1) day’s credit pro-rated from Customer’s Recurring Monthly Service Fees as negotiated by PowerFlow Solutions, not to exceed a total of fifteen (15) days prorated recurring monthly service charges. Credit requests shall be negotiated and requested via PowerFlow Solutions and shall be reviewed by both DFCAB and PowerFlow Solutions for validity, acceptance and remuneration method.
“Managed Systems Unavailability” is defined as the number of minutes in which the service is not available, but does not include any unavailability attributable to:
Scheduled Maintenance will typically be performed between the hours of 12am and 6am Central time except under special circumstances defined and agreed to by PowerFlow Solutions. Normal maintenance includes (1) upgrades of hardware and software; (2) upgrades to capacity; (3) network activity that may degrade the quality of service or cause service interruptions.
Critical maintenance may be performed at any time to correct conditions that require immediate attention. Critical maintenance is performed at the discretion of DFCAB and may degrade or disrupt service. All reasonable business efforts will be attempted to notify the Customer’s designated point of contact as is reasonably practicable under the circumstance.
Neither DFCAB, PowerFlow Solutions nor Customer shall be responsible for damages or for delays or failures in performance resulting from acts or occurrences beyond their reasonable control, including without limitation: fire, lightning, explosion, power surge or failure, water, acts of God, war, revolution, civil commotion or acts of civil or military authorities or public enemies; any law, order, regulation, ordinance, or requirement of any government or legal body or any representative of any such government or legal body; or labor unrest, including strikes, slowdowns, picketing or boycotts; inability to secure raw materials, transportation facilities, fuel or energy shortages, or acts or omissions of other common carriers.
DFCAB reserves the right to change, amend, or revise this SLA policy at any time. Changes or revisions to the SLA will be deemed effective upon posting the applicable revision on DFCAB’s publicly accessible website.